The 3rd Generation Partnership Project (3GPP) employs Orthogonal Frequency Division Multiplexing (OFDM) and Multiple-Input Multiple-Output (MIMO) technologies in Release 7 to complete HSPA+, the future evolution path of High Speed Downlink Packet Access (HSDPA) and High Speed Uplink Packet Access (HSUPA). HSPA+ is an enhancement of 3GPP HSPA (which includes HSDPA and HSUPA). It gives HSPA operators a smooth, low-complexity and low-cost evolution path from HSPA to Long Term Evolution (LTE).
Compared with HSPA, the HSPA+ system architecture moves the functions of the Radio Network Controller (RNC) into the Node B to form a completely flat radio access network architecture, as shown in FIG. 1. A Node B that integrates all functions of the RNC is called the evolved HSPA Node B, or enhanced Node B (Node B+) for short. SGSN+ is the upgraded Service General Packet Radio System (GPRS) Support Node (SGSN), which supports the functions of HSPA+. ME+ is the user terminal equipment that supports the functions of HSPA+. The evolved HSPA system can use the air interface of 3GPP Rel-5 and later without any modification to the HSPA services of the air interface. With this solution, each Node B+ becomes a node equivalent to the RNC and has an Iu-PS interface through which it connects directly to the PS Core Network (CN) (the SGSN and GGSN shown in FIG. 1). The Iu-PS user plane ends at the SGSN; if the network supports a direct tunnel function, the Iu-PS user plane may also end at the Gateway GPRS Support Node (GGSN). Evolved HSPA Node Bs communicate with one another through an Iur interface. A Node B+ is capable of independent networking and supports complete mobility functions, including inter-system and intra-system handoff.
As the network is flattened, user plane data may reach the GGSN directly without passing through the RNC. This means that the ciphering and integrity protection functions of the user plane must be moved forward to the Node B+. At present, two HSPA+ security key hierarchies have been proposed, as shown in FIG. 2 and FIG. 3 respectively.
In the key architecture shown in FIG. 2, the definitions of the Key (K, the root key), the Ciphering Key (CK) and the Integrity Key (IK) are completely consistent with those in a traditional Universal Mobile Telecommunications System (UMTS). That is, K is a key saved in the Authentication Center (AuC) and the Universal Subscriber Identity Module (USIM), and CK and IK are a ciphering key and an integrity key calculated from K when Authentication and Key Agreement (AKA) is performed between the UE and the Home Subscriber Server (HSS). CK and IK are called the traditional keys: CK is the traditional ciphering key, and IK is the traditional integrity key. In the UMTS, the RNC uses the traditional air interface keys CK and IK to perform data ciphering and integrity protection. As the functions of the RNC are all given to the Node B+ in the HSPA+ architecture, both ciphering and deciphering need to be performed at the Node B+. However, the Node B+ is in an insecure environment with low security. Therefore, a key hierarchy similar to that of the Evolved Universal Terrestrial Radio Access Network (E-UTRAN), i.e., a UTRAN key hierarchy, is introduced to HSPA+. In the UTRAN key hierarchy, the air interface keys CKU and IKU are newly introduced to HSPA+. CKU and IKU are derived from CK and IK by the core network node (SGSN+ or MSC+), and are called enhanced keys. The enhanced key CKU is used for ciphering user plane data and control plane signaling, and the enhanced key IKU is used for integrity protection of the control plane signaling.
The difference between the key architecture shown in FIG. 3 and that shown in FIG. 2 is that a new enhanced key, the intermediate key KASMEU, is added in the key architecture shown in FIG. 3. In this case, the intermediate key KASMEU is derived from the traditional keys CK and IK by the core network node (SGSN+ or MSC+). The enhanced key CKU/IKU (which may also be called CKS/IKS) is then derived from the intermediate key KASMEU by the core network node.
In a WCDMA system, the concept of Serving RNC (SRNC)/Drift RNC (DRNC) arises from the introduction of the Iur interface. Both SRNC and DRNC are logical concepts defined with respect to a specific UE. Put simply, for a given UE, the RNC which is directly connected with the Core Network (CN) and controls all resources of the UE is called the SRNC of the UE. The RNC which is not connected with the CN and just provides resources for the UE is called the DRNC of the UE. A UE in connected status must have one and only one SRNC, and may have zero or multiple DRNCs.
In a WCDMA system, SRNC relocation is a process in which the SRNC of the UE changes from one RNC to another RNC. Depending on the positions of the UE before and after the relocation, there are two types of relocation: static relocation and concomitant relocation.
The condition for static relocation is that the UE accesses from one and only one DRNC. As the relocation process needs no participation of the UE, it is also called UE not-involved relocation. After the relocation, the connection of the Iur interface is released, the Iu interface relocates, and the old DRNC becomes the SRNC, as shown in FIG. 4. Static relocation is caused by soft handoff. Because of the Iur interface, the relocation starts only after all radio links are linked to the DRNC.
Concomitant relocation is a process in which the UE switches from the SRNC to a target RNC by hard handoff and the Iu interface changes simultaneously, as shown in FIG. 5. As the relocation process needs the participation of the UE, it is also called UE involved relocation.
In HSPA+, the Node B+ is in a physically insecure environment and is therefore vulnerable to hostile attack, which puts security under threat. In a traditional UMTS, meanwhile, the ciphering key CK and the integrity key IK are identical before and after the SRNC relocation. This has two consequences: on one hand, after a certain base station is breached by an attacker, the attacker may derive and obtain the security key of the next-hop target base station; on the other hand, if the key is leaked or illegally obtained by an attacker, the attacker may monitor the communication of the user all the time, and may also counterfeit data transmission between the user and the network. In both situations, the communication security of the user cannot be guaranteed.
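The two key hierarchies of FIG. 2 and FIG. 3 and the relocation concern above can be modelled in a few lines; this is an added example, not code from the original document. It assumes HMAC-SHA-256 as a stand-in key derivation function (the text names none), constructed labels and sample keys, and a hypothetical per-relocation counter `hop` that the text does not specify.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes, context: bytes = b"") -> bytes:
    """Stand-in KDF (assumption): HMAC-SHA-256 over label and context."""
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()

def fig2_keys(ck: bytes, ik: bytes):
    """FIG. 2: the core network derives CKU/IKU directly from CK and IK."""
    root = ck + ik
    return kdf(root, b"CKU")[:16], kdf(root, b"IKU")[:16]

def fig3_keys(ck: bytes, ik: bytes, hop: int = 0):
    """FIG. 3: CK/IK -> intermediate KASMEU -> CKU/IKU.
    `hop` is a hypothetical per-relocation counter, not from the text."""
    kasmeu = kdf(ck + ik, b"KASMEU")
    ctx = hop.to_bytes(4, "big")
    return kasmeu, kdf(kasmeu, b"CKU", ctx)[:16], kdf(kasmeu, b"IKU", ctx)[:16]

def integrity_tag(ik: bytes, message: bytes) -> bytes:
    """Toy tag standing in for the air-interface integrity algorithm."""
    return hmac.new(ik, message, hashlib.sha256).digest()

def source_key_valid_at_target(source_ik: bytes, target_ik: bytes) -> bool:
    """True if a tag made with the source node's key verifies at the target."""
    msg = b"constructed control-plane message"
    return hmac.compare_digest(integrity_tag(source_ik, msg),
                               integrity_tag(target_ik, msg))

# Constructed sample AKA outputs (not real keys).
CK = bytes(range(16))
IK = bytes(range(16, 32))

def demo():
    # Traditional UMTS: the target inherits the same IK after relocation,
    # so key material held by the source node remains valid at the target.
    unchanged = source_key_valid_at_target(IK, IK)
    # Core network re-derives per hop from KASMEU, which stays in the
    # core network and is never handed to a Node B+.
    _, _, iku_source = fig3_keys(CK, IK, hop=0)
    _, _, iku_target = fig3_keys(CK, IK, hop=1)
    rederived = source_key_valid_at_target(iku_source, iku_target)
    return unchanged, rederived

if __name__ == "__main__":
    print(demo())
```

Because the source Node B+ only ever holds the derived CKU/IKU and the KDF is one-way, it cannot compute KASMEU or the keys issued for another hop in this model.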